Security and Privacy in Communication Networks. 6th Iternational ICST Conference, SecureComm 2010, Singapore, September 7-9, 2010. Proceedings

Research Article

Securing Personal Health Records in Cloud Computing: Patient-Centric and Fine-Grained Data Access Control in Multi-owner Settings

Download181 downloads
  • @INPROCEEDINGS{10.1007/978-3-642-16161-2_6,
        author={Ming Li and Shucheng Yu and Kui Ren and Wenjing Lou},
        title={Securing Personal Health Records in Cloud Computing: Patient-Centric and Fine-Grained Data Access Control in Multi-owner Settings},
        proceedings={Security and Privacy in Communication Networks. 6th Iternational ICST Conference, SecureComm 2010, Singapore, September 7-9, 2010. Proceedings},
        proceedings_a={SECURECOMM},
        year={2012},
        month={5},
        keywords={Personal health records cloud computing patient-centric privacy fine-grained access control attribute-based encryption},
        doi={10.1007/978-3-642-16161-2_6}
    }
    
  • Ming Li
    Shucheng Yu
    Kui Ren
    Wenjing Lou
    Year: 2012
    Securing Personal Health Records in Cloud Computing: Patient-Centric and Fine-Grained Data Access Control in Multi-owner Settings
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-642-16161-2_6
Ming Li1,*, Shucheng Yu1,*, Kui Ren2,*, Wenjing Lou1,*
  • 1: Worcester Polytechnic Institute
  • 2: Illinois Institute of Technology
*Contact email: mingli@ece.wpi.edu, yscheng@ece.wpi.edu, kren@ece.iit.edu, wjlou@ece.wpi.edu

Abstract

Online personal health record (PHR) enables patients to manage their own medical records in a centralized way, which greatly facilitates the storage, access and sharing of personal health data. With the emergence of cloud computing, it is attractive for the PHR service providers to shift their PHR applications and storage into the cloud, in order to enjoy the elastic resources and reduce the operational cost. However, by storing PHRs in the cloud, the patients lose physical control to their personal health data, which makes it necessary for each patient to encrypt her PHR data before uploading to the cloud servers. Under encryption, it is challenging to achieve fine-grained access control to PHR data in a scalable and efficient way. For each patient, the PHR data should be encrypted so that it is scalable with the number of users having access. Also, since there are multiple owners (patients) in a PHR system and every owner would encrypt her PHR files using a different set of cryptographic keys, it is important to reduce the key distribution complexity in such multi-owner settings. Existing cryptographic enforced access control schemes are mostly designed for the single-owner scenarios.